In a statement on Friday, the company said a vulnerability in a database containing the names and driver’s license numbers of Uber drivers allowed an unauthorized third party to obtain access. Uber said it realized the database may have been hacked into last September.
“Immediately upon discovery we changed the access protocols for the database, removing the possibility of unauthorized access,” said Katherine Tassi, Uber’s managing counsel of data privacy.
An internal investigation revealed that as many as 50,000 drivers across multiple states may have been affected, “which is a small percentage of current and former Uber driver partners,” the company said. It’s believed that the breach which precipitated the data theft occurred on May 13, 2014.
“We are notifying impacted drivers, but we have not received any reports of actual misuse of information as a result of this incident,” Tassi added.
According to the Breach Level Index published by digital security company Gemalto, over a billion personal data records were compromised by hackers last year. Identity theft was the primary motivation behind more than half of the breaches examined.
Uber said it will provide impacted drivers with a free one-year membership to an identity theft alert service. Additionally, the company said it filed a lawsuit to gather additional information that may confirm the identity of its attacker.
Photo via Uber